bug bounty automation tool

Citrix Netscaler ADC & Gateway v13.1-50.23 - Out-Of-Bounds Memory Read

CloudPwn is cloud enumeration toolkit, designed for security professionals and enthusiasts to uncover and analyze resources in cloud environments.

BeHat Configuration file leaking

csefo crawling and spidering Deep crawling – now the crawler will follow all internal links recursively and deeply.

NOTICE: Reconsense in intial phase don't pull code or make kind of changes. API keys are hardcoded for now so dont make it public.

A Flask-based Server-Side Template Injection lab with multiple challenge levels for security testing and learning.

Experimental MCP local server for bug hunters to speed up exploits searches

A subdomain enumeration tool designed to find WAF's and 404 pages for takeover and enumeration

Automated NoSQL database enumeration and web application exploitation tool.

grepX is a multi-threaded CLI tool which extracts some special URLs with parameters that may be vulnerable. Each pattern will output different URLs according to its parameters.

NextDisc is a discovery tool designed for analyzing applications built with Next.js. It extracts valuable information about the app’s structure, routes, and resources by parsing key files and data points commonly found in Next.js applications.

Bug Bounty Hunter

WEAPOW é uma coleção de ferramentas criada para auxiliar em tarefas de segurança da informação, auditoria, PENTEST e BUGBOUNTY

BLHawk - Dead links aren't always dead!

Fast and reliable python tool that grabs robots.txt files from a bunch of subdomains asynchronously

Developers often add sensitive information in comments for their internal use but sometimes they forgot to mask or remove them before launching it on the internet or public access. So you can use this tool to simply test the page for those HTML comments and check if any sensitive information you can get!!!

Shastra is a powerful and flexible SQL Injection (SQLi) scanner and static analyzer built using Playwright, with support for dynamic form fuzzing, header injection, parameter tampering, and optional static code analysis via Bandit.

Togomori is a comprehensive solution for web applications reconnaissance designed to simplify the process of information gathering and data visualization.